Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 302

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.

Please click Here to read the full story.
 
Other Top and Latest Questions:
Chairman Warsh abstains from giving rate forecast as several members signal a hike in 2026
Inside India newsletter: Anthropic curbs ignite AI debate in India — efforts 'too slow, way too small'
Star City: Dark Forest
Trump and Iran's President Pezeshkian sign memorandum aimed to end war
You had one job, bank.
Boston recs, please!
auto shop keeps postponing major repair
Stock futures rise as Fed hints at possible rate hike in 2026; Kospi hits over 9,000 for the first time: Live updates
India’s largest stock exchange files for IPO as mega-listings gather pace
China to return as major oil buyer in August, JPMorgan says, naming its top stock picks